Monthly Archives: January 2013

Softpedia – (International) Java 7 zero-day exploit used to distribute Reveton ransomware. Trend Micro researchers found that the recently uncovered Java 7 zero-day exploit is being used to distribute Reveton ransomware. The U.S. Computer Emergency Readiness Team (US-CERT) also issued an advisory about the zero-day and recommended that users disable Java until a patch is available. […]

Threatpost – (International) Nasty new Java zero day found; Exploit kits already have it. A researcher discovered and others confirmed a zero-day exploit for Java that is already being used by the popular Blackhole, Nuclear Pack, and Cool exploit kits. Source: http://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013

Threatpost – (International) Exploit code, Metasploit module out for Ruby on Rails flaws. Proof-of-concept exploit code and a penetration testing module were released for several Ruby on Rails vulnerabilities that could allow arbitrary code execution and the installation of backdoors, presenting a major vulnerability for Web sites using versions other than the most recently released. […]

IDG News Service – (International) Botnets for hire likely attacked U.S. banks. A recent campaign of distributed denial of service (DDoS) attacks on U.S. banks appears to be using botnets for hire, according to an analysis by security firm Incapsula. Source: http://www.computerworld.com/s/article/9235525/Botnets_for_hire_likely_attacked_U.S._banks

Help Net Security – (International) All Ruby on Rails versions affected by SQL injection flaw. The developers of Ruby on Rails released three new versions of the application framework to address an SQL injection vulnerability present in all past iterations of the software. Source: http://www.net-security.org/secworld.php?id=14173